This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Importing SSL cert into PALOALTO Firewall

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Importing SSL cert into PALOALTO Firewall

Go to solution
SamerSaleem
L0 Member

‎04-29-2023 10:02 AM

Hi,

 

I am facing problem when I import the 3rd party generated ssl cert into firewall, for example:

I generated the certificate locally on firewall and named it as mycert and when I exported it, it was named automatically to cert-mycert.csr

after generating the 3rd party key and downloaded locally to my PC, the name of the new certs are on default random naming.

usually I get 3 files: (.pem, .csr) file types.

when I import them, the certificate does not seem to change from pending state.

 

can anyone help please? I know that there is some kind of specific naming process but dont know what exactly to do and on which cert file?

0 Likes Likes
2 ACCEPTED SOLUTIONS

Accepted Solutions

Go to solution
Raido_Rattameister
L7 Applicator

‎04-29-2023 10:22 AM

When you import cert in you need to give it same name as your CSR is in the firewall. For example "mycert" as you mentioned in your case.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

View solution in original post

Go to solution
Adrian_Jensen
L5 Sessionator
In response to SamerSaleem

‎05-01-2023 04:02 PM

@SamerSaleem wrote:

so not the name that was saved on my local drive which is exported to "cert-mycert.csr" automatically?

When you first created the certificate signing request (CSR), you clicked the "Generate" button and then entered a name under "Certificate Name:". When you import the signed certificate click the "Import" button and then enter the same name under "Certificate Name:", and then select whatever filename you have on your desktop (the filename doesn't matter, just the certificate object name). The PaloAlto will automatically match the signed certificate to the previously generate CSR by the same name.

 

The signed certificate need to be a base64-encoded PEM file (either .pem or .cer typically), not a "Windows binary" PEM file. You can open it in notepad and you should see something like:

-----BEGIN CERTIFICATE-----
un098n3rimc09n8mricn93imc9imdcin39j83r03c3d
9ijc9crm93mc9r93m9c8m3mc39mr3f9mr09r0c9irm8
c0948j984j0f0984098j03f08r3mf098j3rmf9843jr
m498j40m984jf048jf0984jrf984kjr9fk4r09fk===
-----END CERTIFICATE-----

 

View solution in original post

0 Likes Likes
5 REPLIES 5

Go to solution
Raido_Rattameister
L7 Applicator

‎04-29-2023 10:22 AM

When you import cert in you need to give it same name as your CSR is in the firewall. For example "mycert" as you mentioned in your case.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Go to solution
SamerSaleem
L0 Member
In response to Raido_Rattameister

‎04-29-2023 11:04 AM

so not the name that was saved on my local drive which is exported to "cert-mycert.csr" automatically?

0 Likes Likes

Go to solution
Adrian_Jensen
L5 Sessionator
In response to SamerSaleem

‎05-01-2023 04:02 PM

@SamerSaleem wrote:

so not the name that was saved on my local drive which is exported to "cert-mycert.csr" automatically?

When you first created the certificate signing request (CSR), you clicked the "Generate" button and then entered a name under "Certificate Name:". When you import the signed certificate click the "Import" button and then enter the same name under "Certificate Name:", and then select whatever filename you have on your desktop (the filename doesn't matter, just the certificate object name). The PaloAlto will automatically match the signed certificate to the previously generate CSR by the same name.

 

The signed certificate need to be a base64-encoded PEM file (either .pem or .cer typically), not a "Windows binary" PEM file. You can open it in notepad and you should see something like:

-----BEGIN CERTIFICATE-----
un098n3rimc09n8mricn93imc9imdcin39j83r03c3d
9ijc9crm93mc9r93m9c8m3mc39mr3f9mr09r0c9irm8
c0948j984j0f0984098j03f08r3mf098j3rmf9843jr
m498j40m984jf048jf0984jrf984kjr9fk4r09fk===
-----END CERTIFICATE-----

 

0 Likes Likes

Go to solution
emiratesevisaonline
L0 Member

‎05-01-2023 10:01 PM

How to import SSl certificate for my website www.emiratesevisaonline.com

Emirates E visa Online provides Emirates visa, you can apply Emirates Visa Online at https://www.emiratesevisaonline.com
0 Likes Likes

Go to solution
Adrian_Jensen
L5 Sessionator
In response to emiratesevisaonline

‎05-02-2023 11:21 AM

How did you generate a SSL certificate?

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks